Don't apply `security.require-https` to intracluster requests
Closed, Public

Authored by epriestley on Apr 13 2016, 1:17 PM.

Details

Summary

Ref T10784. Currently, if you terminate SSL at a load balancer (very common) and use HTTP beyond that, you have to fiddle with this setting in your preamble or a SiteConfig.

On the balance I think this makes stuff much harder to configure without any real security benefit, so don't apply this option to intracluster requests.

Also document a lot of stuff.

Test Plan

Poked around locally but this is hard to test outside of a production cluster, I'll vet it more thoroughly on secure.

Diff Detail

Repository
rP Phabricator
Branch
crepo8
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 11686
Build 14630: Run Core Tests
Build 14629: arc lint + arc unit

Event Timeline

epriestley retitled this revision from to Don't apply `security.require-https` to intracluster requests.
epriestley updated this object.
epriestley edited the test plan for this revision.
epriestley added a reviewer: chad.
chad edited edge metadata.
chad added inline comments.
src/docs/user/cluster/cluster.diviner:96

accessing? or access to?

This revision is now accepted and ready to land. Apr 13 2016, 4:28 PM
epriestley edited edge metadata.
  • Add missing "access to".
This revision was automatically updated to reflect the committed changes.